package com.atlassian.bitbucket.internal.secretscanning.rules;

import com.atlassian.bitbucket.NoSuchEntityException;
import com.atlassian.bitbucket.dmz.features.RequireFeature;
import com.atlassian.bitbucket.dmz.secretscanning.DmzSecretScanningAllowlistRule;
import com.atlassian.bitbucket.dmz.secretscanning.DmzSecretScanningAllowlistRuleService;
import com.atlassian.bitbucket.dmz.secretscanning.SecretScanningAllowlistRuleSearchRequest;
import com.atlassian.bitbucket.dmz.secretscanning.SecretScanningAllowlistSetRequest;
import com.atlassian.bitbucket.dmz.secretscanning.event.SecretScanningAllowlistRuleCreatedEvent;
import com.atlassian.bitbucket.dmz.secretscanning.event.SecretScanningAllowlistRuleDeletedEvent;
import com.atlassian.bitbucket.dmz.secretscanning.event.SecretScanningAllowlistRuleUpdatedEvent;
import com.atlassian.bitbucket.i18n.I18nService;
import com.atlassian.bitbucket.internal.secretscanning.dao.SecretScanningAllowlistRuleDao;
import com.atlassian.bitbucket.internal.secretscanning.rules.SimpleSecretScanningAllowlistRule;
import com.atlassian.bitbucket.permission.Permission;
import com.atlassian.bitbucket.permission.PermissionService;
import com.atlassian.bitbucket.permission.PermissionValidationService;
import com.atlassian.bitbucket.project.ProjectType;
import com.atlassian.bitbucket.scope.GlobalScope;
import com.atlassian.bitbucket.scope.ProjectScope;
import com.atlassian.bitbucket.scope.RepositoryScope;
import com.atlassian.bitbucket.scope.Scope;
import com.atlassian.bitbucket.scope.ScopeVisitor;
import com.atlassian.bitbucket.server.StandardFeature;
import com.atlassian.bitbucket.util.Page;
import com.atlassian.bitbucket.util.PageRequest;
import com.atlassian.bitbucket.util.ValidationUtils;
import com.atlassian.bitbucket.validation.ArgumentValidationException;
import com.atlassian.bitbucket.validation.groups.Create;
import com.atlassian.bitbucket.validation.groups.Update;
import com.atlassian.event.api.EventPublisher;
import com.atlassian.stash.internal.secretscanning.InternalSecretScanningAllowlistRule;
import java.util.Objects;
import java.util.Optional;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.validation.Validator;
import org.apache.commons.lang3.ObjectUtils;
import org.apache.commons.lang3.StringUtils;
import org.springframework.transaction.annotation.Transactional;

@Transactional(readOnly = true)
@RequireFeature(StandardFeature.SECRET_SCANNING)
/* loaded from: input_file:com/atlassian/bitbucket/internal/secretscanning/rules/DefaultSecretScanningAllowlistRuleService.class */
public class DefaultSecretScanningAllowlistRuleService implements DmzSecretScanningAllowlistRuleService {
    private final SecretScanningAllowlistRuleDao dao;
    private final EventPublisher eventPublisher;
    private final I18nService i18nService;
    private final PermissionService permissionService;
    private final PermissionValidationService permissionValidationService;
    private final Validator validator;

    public DefaultSecretScanningAllowlistRuleService(SecretScanningAllowlistRuleDao secretScanningAllowlistRuleDao, EventPublisher eventPublisher, I18nService i18nService, PermissionService permissionService, PermissionValidationService permissionValidationService, Validator validator) {
        this.dao = secretScanningAllowlistRuleDao;
        this.eventPublisher = eventPublisher;
        this.i18nService = i18nService;
        this.permissionValidationService = permissionValidationService;
        this.permissionService = permissionService;
        this.validator = validator;
    }

    @Transactional
    public DmzSecretScanningAllowlistRule create(SecretScanningAllowlistSetRequest secretScanningAllowlistSetRequest, Scope scope) {
        Objects.requireNonNull(secretScanningAllowlistSetRequest, "request");
        Objects.requireNonNull(scope, "scope");
        ValidationUtils.validate(this.validator, secretScanningAllowlistSetRequest, new Class[]{Create.class});
        validateRequiredRegex(secretScanningAllowlistSetRequest.getLineRegex(), secretScanningAllowlistSetRequest.getPathRegex());
        validateIsAdminForScope(scope);
        validateScopeType(scope);
        DmzSecretScanningAllowlistRule transform = transform((InternalSecretScanningAllowlistRule) this.dao.create(new InternalSecretScanningAllowlistRule.Builder(secretScanningAllowlistSetRequest.getName()).lineRegex(secretScanningAllowlistSetRequest.getLineRegex()).pathRegex(secretScanningAllowlistSetRequest.getPathRegex()).scope(scope).build()));
        this.eventPublisher.publish(new SecretScanningAllowlistRuleCreatedEvent(this, transform, scope));
        return transform;
    }

    @Transactional
    public void deleteRuleById(long j, Scope scope) {
        InternalSecretScanningAllowlistRule internalSecretScanningAllowlistRule = (InternalSecretScanningAllowlistRule) this.dao.getById(Long.valueOf(j));
        if (internalSecretScanningAllowlistRule != null && isAdminForScope(internalSecretScanningAllowlistRule.getScope()) && internalSecretScanningAllowlistRule.getScope().getType() == scope.getType()) {
            DmzSecretScanningAllowlistRule transform = transform(internalSecretScanningAllowlistRule);
            this.dao.deleteById(Long.valueOf(j));
            this.eventPublisher.publish(new SecretScanningAllowlistRuleDeletedEvent(this, transform, internalSecretScanningAllowlistRule.getScope()));
        }
    }

    public Optional<DmzSecretScanningAllowlistRule> getRuleById(long j, Scope scope) {
        Objects.requireNonNull(scope, "scope");
        return Optional.ofNullable(this.dao.getById(Long.valueOf(j))).filter(internalSecretScanningAllowlistRule -> {
            return internalSecretScanningAllowlistRule.getScope().getType() == scope.getType();
        }).filter(internalSecretScanningAllowlistRule2 -> {
            return isAdminForScope(internalSecretScanningAllowlistRule2.getScope());
        }).map(this::transform);
    }

    public Page<DmzSecretScanningAllowlistRule> search(PageRequest pageRequest, Scope scope, SecretScanningAllowlistRuleSearchRequest secretScanningAllowlistRuleSearchRequest) {
        Objects.requireNonNull(pageRequest, "pageRequest");
        Objects.requireNonNull(secretScanningAllowlistRuleSearchRequest, "searchRequest");
        validateIsAdminForScope((Scope) Objects.requireNonNull(scope, "scope"));
        return this.dao.search(pageRequest, scope, secretScanningAllowlistRuleSearchRequest).transform(this::transform);
    }

    @Transactional
    public DmzSecretScanningAllowlistRule update(SecretScanningAllowlistSetRequest secretScanningAllowlistSetRequest, Scope scope) {
        Objects.requireNonNull(secretScanningAllowlistSetRequest, "request");
        ValidationUtils.validate(this.validator, secretScanningAllowlistSetRequest, new Class[]{Update.class});
        InternalSecretScanningAllowlistRule internalSecretScanningAllowlistRule = (InternalSecretScanningAllowlistRule) this.dao.getById(secretScanningAllowlistSetRequest.getId());
        if (internalSecretScanningAllowlistRule == null || !isAdminForScope(internalSecretScanningAllowlistRule.getScope()) || internalSecretScanningAllowlistRule.getScope().getType() != scope.getType()) {
            throw new NoSuchEntityException(this.i18nService.createKeyedMessage("bitbucket.secretscanning.error.nosuchrule", new Object[]{secretScanningAllowlistSetRequest.getId()}));
        }
        DmzSecretScanningAllowlistRule transform = transform(internalSecretScanningAllowlistRule);
        String str = (String) ObjectUtils.firstNonNull(new String[]{secretScanningAllowlistSetRequest.getName(), internalSecretScanningAllowlistRule.getName()});
        String str2 = (String) ObjectUtils.firstNonNull(new String[]{secretScanningAllowlistSetRequest.getLineRegex(), (String) internalSecretScanningAllowlistRule.getLineRegex().orElse(null)});
        String str3 = (String) ObjectUtils.firstNonNull(new String[]{secretScanningAllowlistSetRequest.getPathRegex(), (String) internalSecretScanningAllowlistRule.getPathRegex().orElse(null)});
        validateRequiredRegex(str2, str3);
        DmzSecretScanningAllowlistRule transform2 = transform((InternalSecretScanningAllowlistRule) this.dao.update(internalSecretScanningAllowlistRule.copy().name(str).lineRegex(str2).pathRegex(str3).build()));
        this.eventPublisher.publish(new SecretScanningAllowlistRuleUpdatedEvent(this, transform2, transform, internalSecretScanningAllowlistRule.getScope()));
        return transform2;
    }

    private boolean isAdminForScope(Scope scope) {
        return ((Boolean) scope.accept(new ScopeVisitor<Boolean>() { // from class: com.atlassian.bitbucket.internal.secretscanning.rules.DefaultSecretScanningAllowlistRuleService.1
            /* renamed from: visit, reason: merged with bridge method [inline-methods] */
            public Boolean m35visit(GlobalScope globalScope) {
                return Boolean.valueOf(DefaultSecretScanningAllowlistRuleService.this.permissionService.hasGlobalPermission(Permission.ADMIN));
            }

            /* renamed from: visit, reason: merged with bridge method [inline-methods] */
            public Boolean m34visit(ProjectScope projectScope) {
                return Boolean.valueOf(DefaultSecretScanningAllowlistRuleService.this.permissionService.hasProjectPermission(projectScope.getProject(), Permission.PROJECT_ADMIN));
            }

            /* renamed from: visit, reason: merged with bridge method [inline-methods] */
            public Boolean m33visit(RepositoryScope repositoryScope) {
                return Boolean.valueOf(DefaultSecretScanningAllowlistRuleService.this.permissionService.hasRepositoryPermission(repositoryScope.getRepository(), Permission.REPO_ADMIN));
            }
        })).booleanValue();
    }

    private DmzSecretScanningAllowlistRule transform(InternalSecretScanningAllowlistRule internalSecretScanningAllowlistRule) {
        return new SimpleSecretScanningAllowlistRule.Builder(internalSecretScanningAllowlistRule).build();
    }

    private void validateIsAdminForScope(Scope scope) {
        scope.accept(new ScopeVisitor<Void>() { // from class: com.atlassian.bitbucket.internal.secretscanning.rules.DefaultSecretScanningAllowlistRuleService.2
            /* renamed from: visit, reason: merged with bridge method [inline-methods] */
            public Void m38visit(GlobalScope globalScope) {
                DefaultSecretScanningAllowlistRuleService.this.permissionValidationService.validateForGlobal(Permission.ADMIN);
                return null;
            }

            /* renamed from: visit, reason: merged with bridge method [inline-methods] */
            public Void m37visit(ProjectScope projectScope) {
                DefaultSecretScanningAllowlistRuleService.this.permissionValidationService.validateForProject(projectScope.getProject(), Permission.PROJECT_ADMIN);
                return null;
            }

            /* renamed from: visit, reason: merged with bridge method [inline-methods] */
            public Void m36visit(RepositoryScope repositoryScope) {
                DefaultSecretScanningAllowlistRuleService.this.permissionValidationService.validateForRepository(repositoryScope.getRepository(), Permission.REPO_ADMIN);
                return null;
            }
        });
    }

    private void validateRequiredRegex(@Nullable String str, @Nullable String str2) {
        if (StringUtils.isBlank(str) && StringUtils.isBlank(str2)) {
            throw new ArgumentValidationException(this.i18nService.createKeyedMessage("bitbucket.secretscanning.error.regex.required", new Object[0]));
        }
    }

    private void validateScopeType(Scope scope) {
        scope.accept(new ScopeVisitor<Void>() { // from class: com.atlassian.bitbucket.internal.secretscanning.rules.DefaultSecretScanningAllowlistRuleService.3
            /* renamed from: visit, reason: merged with bridge method [inline-methods] */
            public Void m40visit(GlobalScope globalScope) {
                throw new ArgumentValidationException(DefaultSecretScanningAllowlistRuleService.this.i18nService.createKeyedMessage("bitbucket.secretscanning.error.scope.allowlist.global.nocreate", new Object[0]));
            }

            /* renamed from: visit, reason: merged with bridge method [inline-methods] */
            public Void m39visit(@Nonnull ProjectScope projectScope) {
                if (projectScope.getProject().getType() == ProjectType.PERSONAL) {
                    throw new ArgumentValidationException(DefaultSecretScanningAllowlistRuleService.this.i18nService.createKeyedMessage("bitbucket.secretscanning.error.scope.project.personal.nocreate", new Object[0]));
                }
                return null;
            }
        });
    }
}
